lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-Id: <20071013160214.D1CDEDA81F@mailserver7.hushmail.com>
Date: Sat, 13 Oct 2007 18:02:14 +0200
From: <jonasthambert@...h.ai>
To: <full-disclosure@...ts.grok.org.uk>
Cc: 
Subject: PHP File Sharing System 1.5.1

PHP File Sharing System - Directory traversal
+--------------------------------------------+

Author: Jonas Thambert
Date: 2007-10-13
URL: http://sourceforge.net/projects/phpfilesadmin/
Vendor Notified.
Version: 1.5.1 (latest)


[- Description -]

PHP File Sharing System is vulnerable to directory traversal due to 
insufficient security validation and sanitization of user-data. The 
 vulnerability allows the attacker to list directories, delete 
files  and create new directories on the system with the same 
permission as  the webbserver-user.

Example - List /tmp directory:
http://www.xxxx.nu/fss/index.php?cam=/../../../../../../../../../../
../tmp

To create dirs and delete files simple use the buttons in the 
webbinterface.


[- Code Location -]
The vulnerable code is located in the index.php file. The 
"$_GET['cam']" is the indata that needs to be checked and 
sanitized. 


[- Exploit -]
Not needed.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ